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Abstract. In this paper, a new chaotic pseudo-random number gen- 
erator (PRNG) is proposed. It combines the well-known ISAAC and 
XORshift generators with chaotic iterations. This PRNG possesses im- 
portant properties of topological chaos and can successfully pass NIST 
and TestUOl batteries of tests. This makes our generator suitable for 
information security applications like cryptography. As an illustrative 
example, an application in the field of watermarking is presented. 
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1 Introduction 

The extremely fast development of the Internet brings growing attention to in- 
formation security issues. Among these issues, the conception of pseudo-random 
number generators (PRNGs) plays an important role. Secure PRNGs which can 
be easily implemented with simple software routines are desired. Due to the 
finiteness of the set of machine numbers, the sequences generated by numerous 
existing PRNGs are not actually random. For example, the use of stringent bat- 
teries of tests allows us to determine whether these sequences are predictable. 
Chaos theory plays an active role in the improvement of the quality of PRNGs 
[S] , [13] . The advantage of using chaos in this field lies in its disordered behavior 
and its unpredictability. 

This paper extends the study initiated in [3] and [17] . In [3] , it is proven that 
chaotic iterations (CIs), a suitable tool for fast computing iterative algorithms, 
satisfy the topological chaotic property, as it is defined by Devaney [7] . In [T7] , the 
chaotic behavior of CIs is exploited in order to obtain an unpredictable behavior 
for a new PRNG. This generator is based on chaotic iterations and depends on 
two other input sequences. These two sequences are generated by two logistic 
maps. Our generator has successfully passed the NIST (National Institute of 
Standards and Technology of the U.S. Government) battery of tests. However 
it appeared that it is a slow generator and it can't pass TestUOl because of 



the input logistic maps. Moreover this logistic map has revealed serious security 
lacks, which make it use inadequate for cryptographic applications [T]. That is 
why, in this paper, we intend to develop a new fast PRNG. It will pass TestUOl, 
widely considered as the most comprehensive and stringent battery of tests. 
This goal is achieved by using the ISAAC and XORshift maps in place of the 
two logistic maps. Chaotic properties, statistical tests and security analysis |19) 
allow us to consider that this generator has good pseudo-random characteristics 
and is capable to withstand attacks. 

The rest of this paper is organized in the following way: in Section [21 some 
basic definitions concerning chaotic iterations and PRNGs are recalled. Then, the 
generator based on discrete chaotic iterations is presented in Section[3l Section|4] 
is devoted to its security analysis. In Section[5j we show that the proposed PRNG 
passes the TestUOl statistical tests. In Section [S] an application in the field of 
watermarking is proposed. The paper ends by a conclusion and some discussions 
about future work. 

2 Basic recalls 

This section is devoted to basic notations and terminologies in the fields of 
chaotic iterations and PRNGs. 

2.1 Notations 

[1;N1 ^{1,2,. ..,A^} 
S'" ^ the n*'' term of a sequence S = {S\ S"^, . . .) 
Vi the i*'* component of a vector 

V = (wi,V2,...,Wn) 

/''' — !> fc*'* composition of a function / 
strategy a sequence which elements belong in [1; N| 
S — >■ the set of all strategies 
® — > bitwise exclusive or 
+ the integer addition 

<C and the usual shift operators 

2.2 Chaotic iterations 

Definition 1. The set B denoting {0,1}, let f : B'^ — > be an "iteration" 
function and S (z S be a ctiaotic strategy. Ttien, ttie so-called chaotic iterations 
are defined by [161 




(1) 



In other words, at the n iteration, only the S'"— th cell is "iterated". 



2.3 Input sequences 



In [T7] , we have designed a PRNG which has successfully passed the NIST tests 
suite. Unfortunately, this PRNG is too slow to pass the TestUOl battery of tests. 
Our ancient PRNG which is called CI(Logistic, Logistic) PRNG is based on 
chaotic iterations and uses logistic maps as input sequences. However, chaotic 
systems like logistic maps work in the real numbers domain, and therefore a 
transformation from real numbers into integers is needed. This process leads to 
a degradation of the chaotic behavior of the generator and a lot of time wasted 
during computations. Moreover, a recent study shows that the use of logistic 
map for cryptographic applications is inadequate and must be discouraged [T]. 
Our purpose is then to design a new, faster, and more secure generator, which is 
able to pass the TestUOl battery of tests. This is achieved by using some faster 
PRNGs like ISAAC [5] and XORshift [H] as input sequences. 



3 Design of CI(ISAAC,XORshift) 
3.1 Chaotic iterations as PRNG 

The novel generator is designed by the following process. Let N G W*, N ^ 2. 
Some chaotic iterations are fulfilled to generate a sequence (a:")„g]N G (B'^) 
of boolean vectors: the successive states of the iterated system. Some of these 
vectors are randomly extracted and their components constitute our pseudo- 
random bit flow. Chaotic iterations are realized as follows. Initial state G B'^ 
is a boolean vector taken as a seed and chaotic strategy (>S'")„g]N G |1, N]"^ is 
constructed with XORshift. Lastly, iterate function / is the vectorial boolean 
negation 

fo : (xi,...,xn) G B^ ^ (xr,...,3^) e B^ 

To sum up, at each iteration only S'*-th component of state is updated, as 
follows 

rx^'-i if i ^ 5^ 
= (2) 

[xpi iii = S\ 

Finally, let be a finite subset of IN* . Some x" are selected by a sequence as 
the pseudo-random bit sequence of our generator. The sequence (m")„g]N G 
is computed with ISAAC. So, the generator returns the following values: the 
components of , followed by the components of x™ ^"^ , followed by the 
components of x™ , etc. In other words, the generator returns the fol- 

lowing bits: 

mo mo mo mo mo+mi mo+mi mo+mi mo+mi+m2 mo+mi+m2 

1 2 3 ■ • • N ~^ 2 » ■ » N 2 • ■ ■ 

or the following integers: 

_^mo^mo+mi^mo+mi+m2 

The basic design procedure of the novel generator is summed up in Table [TJ 
The internal state is x, the output array is r. a and b are those computed by 



ISAAC and XORshift generators. Lastly, c and N are constants and M. = {c, 
c+1} (c > 3N is recommended). 



Input: the internal state x 

{x is an array of N 1-bit words) 
Output: an array r of N 1-bit words 
a ^ ISAACQ; 
m <^ a mod 2 + c 
for i = 0, . . . , m do 

b ^ XORshift{); 

S <- b mod N; 

xs ^ xs; 
end for 
r <— x; 
return r; 

An arbitrciry round of CI generator 
Table 1. CI algorithms 



3.2 Example 

In this example, N = 5 and M. = {4,5} are chosen for easy understanding. 
The initial state of the system can be seeded by the decimal part of the 
current time. For example, the current time in seconds since the Epoch is 
1237632934.484084, so t = 484084. x° = t (mod 32) in binary digits, then 
= (1, 0, 1, 0, 0). m and S can now be computed from ISAAC and XORshift: 

- m = 4, 5, 4, 4, 4, 4, 5, 5, 5, 5, 4, 5, 4,... 

- 5 = 2, 4, 2, 2, 5, 1, 1, 5, 5, 3, 2, 3, 3,... 

Chaotic iterations are done with initial state x^, vectorial logical negation /o 
and strategy S. The result is presented in Table 3. Let us recall that sequence 
m gives the states x" to return: x^,x'^~^^, a;^"'"^+^, . . . 

So, in this example, the generated binary digits are: 10100111101111110011... 
Or the integers are: 20, 30, 31, 19... 



3.3 Chaotic iterations cind chaos 

Generally the success of a PRNG depends, to a large extent, on the following cri- 
teria: uniformity, independence, storage efficiency, and reproducibility. A chaotic 
sequence may have these good pseudo-random criteria and also other chaotic 
properties, such as: crgodicity, entropy, and expansivity. A chaotic sequence is 
extremely sensitive to the initial states. That is, even a minute difference in the 
initial state of the system can lead to enormous differences in the final state 



Table 2. Application example 
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Binary Output: x'ix^x'ix'ix2,xtxixtxtxtxtxlxlxlxl.xl^xl^ ... = 10100111101111110... 
Integer Output: x", x", x^, x^,x'^...^ 20, 30, 31, 19... 



even over fairly small timescales. Therefore, chaotic sequence well fits the re- 
quirements of pseudo-random sequence. Contrary to ISAAC or XORshift, our 
generator possesses these chaotic properties. 

However, despite a huge number of papers published in the field of chaos- 
based PRNGs, the impact of this research is rather marginal. This is due to 
the following reasons: almost all PRNG algorithms using chaos are based on 
dynamical systems defined on continuous sets (e.g., the set of real numbers). So 
these generators are usually slow, require considerably more storage spaces, and 
lose their chaotic properties during computations. These major problems restrict 
their use as generators [lOj. Moreover, even if the algorithm obtained by the in- 
clusion of chaotic maps is itself chaotic, the implementation of this algorithm on 
a machine can cause it lose its chaotic nature. This is due to the finite nature of 
the machine numbers set. 

In this paper we don't simply integrate chaotic maps hoping that the imple- 
mented algorithm remains chaotic. The PRNG algorithms we conceive are con- 
stituted by discrete chaotic iterations that we mathematically proved in [3] , that 
produce topological chaos as defined by Devaney. In the same paper, we raised 
the question of their implementation, proving in doing so that it is possible to 
design a chaotic algorithm and a chaotic computer program. In conclusion, the 
generator proposed in this paper does not inherit its chaotic properties from a 
continuous real chaotic map, but from discrete chaotic iterations defined in Sec- 
tion l2.2l As quoted above, it has been proven in ,3, that chaotic iterations behave 
as chaos, as it is defined by Devaney: they are regular, transitive and sensitive 
to initial conditions. This famous definition of a chaotic behavior for a dynami- 
cal system implies unpredictability, mixture, sensitivity and uniform repartition. 
This allows the conception of a new generation of chaotic PRNGs. Because only 
integers are manipulated in discrete chaotic iterations, the chaotic behavior of 
the system is preserved during computations, and these computations are fast. 



4 Security analysis 



In this section a security analysis of the proposed generator is given. 

4.1 Key space 

The PRNG proposed in this document is based on discrete chaotic iterations. It 
has an initial value € B^. Considering this set of initial values alone, the key 
space size is equal to 2^. In addition, this PRNG combines digits of two other 
PRNGs: ISAAC and XORshift. Let fci and fca be the key spaces of ISAAC and 
XORshift. So the total key space size is close to 2^ • fci • ^2- Finally, the impact 
of Ai must be taken into account. This leads to conclude that the key space size 
is large enough to withstand attacks. 

4.2 Key sensitivity 

This PRNG is highly sensitive to the initial conditions. To illustrate this property 
proved in [3] , several initial values are put into the chaotic system. Let H be the 
number of differences between the sequences obtained in this way. Suppose n is 
the length of these sequences. Then the variance ratio P, defined by P = H/n, 
is computed. The results are shown in Figure la {x axis is sequence lengths, y 
axis is variance ratio P). Variance ratios approach 0.50, which indicates that the 
system is extremely sensitive to the initial conditions. 



Sensitivity analysis 




a. sensitivity b. Second order distribution 



Fig. 1. Security analysis 



4.3 Uniform distribution 

Figure lb gives a 3D graphic representation of the distribution of a random 
sequence obtained by our generator. The point cloud presents a uniform distri- 
bution that tends to fill the complete 3D space, as expected for a random signal. 



To obtain this cloud, we have first changed the binary sequence to a TV-bit integer 
sequence xi, X2, xa, X4... Then we have plot [jk, §w, §n) , (ffr, §n, 

5 TestUOl Statistical Test Results 

In a previous section, we have shown that the proposed PRNG has strong chaotic 
properties, as Devaney's chaos. In particular, this generator is better than the 
well-known XORshift and ISAAC, in the topological point of view. In addition 
to being chaotic, we will show in this section that CI(ISAAC, XORshift) is better 
than XORshift, and at least as good as ISAAC 18 in the statistical point of view. 
Indeed, similarly to ISAAC and contrary to XORshift, CI(ISAAC,XORshift) can 
pass the stringent Big Crush battery of tests included in TestUOl. In addition, 
our generator achieves to pass all the batteries included in TestUOl. To our 
best knowledge, this result has not been proven for ISAAC, and only one other 
generator is capable of doing this [6] 

5.1 TestUOl 

Indeed, the quality of a PRNG should be based on theoretical fundamentals but 
should also be tested empirically. Various statistical tests are available in the 
literature that test a given sequence for some level of computational indistin- 
guishability. Major test suites for RNGs are TestUOl [U, the NIST suite [15], 
and the DieHARD suites [l^. The DieHARD suites, which implement many clas- 
sical RNG tests, have some drawbacks and limitations. The National Institute of 
Standards and Technology (NIST), in the United States, has implemented a test 
suite (16 tests) for RNGs. It is geared mainly for the testing and certification 
of RNGs used in cryptographic applications. TestUOl is extremely diverse in 
implementing classical tests, cryptographic tests, new tests proposed in the lit- 
erature, and original tests. In fact, it encompasses most of the other test suites. 
The proposed PRNG has been tested using TestUOl for its statistical pseudo 
randomness. 

5.2 Batteries of tests 

Table[3]lists seven batteries of tests in the TestUOl package. "Standard" param- 
eter in this Table refers to the built-in parameters of the battery. TestUOl suite 
implements 518 tests and reports p— values. If a p— value is within [0.001, 0.999], 
the associated test is a success. A p— value lying outside this boundary means 
that its test has failed. 

5.3 Analysis 

In a sound theoretical basis, a PRNG based on discrete chaotic iterations (ICs) 
is a composite generator which combines the features of two PRNGs. The first 
generator constitutes the initial condition of the chaotic dynamical system. The 



Table 3. TestUOl Statistical Test 
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second generator randomly chooses which outputs of the chaotic system must be 
returned. The intention of this combination is to cumulate the effects of chaotic 
and random behaviors, to improve the statistical and security properties relative 
to each generator taken alone. 

This PRNG based on discrete chaotic iterations may utilize any reasonable 
RNG as inputs. For demonstration purposes, XORshift and ISAAC are adopted 
here. The PRNG with these inputs can pass all of the performed tests. 

6 Application example in digital watermarking 

In this section, an application example is given in the field of digital watermark- 
ing: a watermark is encrypted and embedded into a cover image using chaotic 
iterations and our PRNG. The carrier image is the famous Lena, which is a 256 
grayscale image, and the watermark is the 64 x 64 pixels binary image depicted 
in Fig. 2d. Let us encrypt the watermark by using chaotic iterations. The initial 
state of the system is constituted by the watermark, considered as a boolean 
vector. The iteration function is the vectorial logical negation /q. The PRNG 
presented previously is used to obtain a sequence of integers lower than 4096, 
which will constitute the chaotic strategy (S''^)fcg]N. Thus, the encrypted water- 
mark is the last boolean vector generated by the chaotic iterations. An example 
of such an encryption, with 5000 iterations, is given in Fig.2e. 

Let L be the 256^ booleans vector constituted by the three last bits of each 
pixel of Lena. We define U'' by U° = S° and f/"+i = S''+^+2xU"+n [mod 256^]. 
The watermarked Lena is obtained from the original Lena lo, the three last 
bits of which are replaced by the result of 64^ chaotic iterations with initial state 
L, and strategy (see Fig. 2b). Spatial domain embedding has been chosen 
here for easy understanding, but this watermarking scheme can be adapted to 
frequency domain (for an example of its use in DWT domain, see [2]). The 
extraction of the watermark can be obtained in the same way |2]. Remark that 
the map 9 ^ 26 oi the torus, which is the well-known dyadic transformation 
(an example of topological chaos 7 ), has been chosen to make (C/'^)fc^642 highly 
sensitive to the chaotic encryption strategy. 



(I. Loua {s<-(ilf 0.5) b. Watermarked Lena 
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watermark 



Fig. 2. Original and watermarked Lena 



The robustness of this data hiding scheme through geometric and frequency 
attacks has been studied in [2] . The chaos-security and stego-security are proven 
in [8]. The difference with the scheme presented in these papers is the way to 
generate strategies, i.e., the choice of the initial conditions for chaotic itera- 
tions, in the encryption and embedding stages. This improvement does not alter 
robustness and subspace-security. We have shown in this study that this re- 
placement enhances the speed of the scheme. Moreover, it resolves a potential 
security lack related to the use of a logistic map [T] when generating the strate- 
gies: this lack might be exploited by an attacker in Watermark-Only-Attack 
and Known-Message- Attack setups [4 . Instead of logistic map, our PRNG has 
good statistical properties and can withstand such attacks. This claim will be 
deepened in future work. 

7 Conclusions and future work 

In this paper, the PRNG proposed in is improved. This is achieved by using 
the famous ISAAC and XORshift generators and by combining these compo- 
nents with chaotic iterations. Thus we obtain a faster generator which satisfies 
chaotic properties. In addition to passing the NIST tests suite, this new genera- 
tor successfully passes all the stringent TestUOl battery of tests. The randomness 
and disorder generated by this algorithm has been evaluated. It offers a suffi- 
cient level of security for a whole range of applications in computer science. An 
application example in the field of data hiding is finally given. In future work, 
the comparison of different chaotic strategies will be explored and other iteration 
functions will be studied. Finally, other applications in computer science security 
field will be proposed, especially in cryptographic domains. 
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